Chasing the White Whale: How Advanced Attacks Leverage Spear Phishing
// A Collection of Bromides on Infrastructure
Information security becomes increasingly important as the frequency of cyber attacks increases. From Target to Sony, the past 12 months have played host to the largest volume of attacks in recent memory. We are witnessing the rise of the targeted attack, which is frequently accompanied by spear phishing campaigns.
Phishing is not new. I recall receiving suspicious emails and messages on my America Online account in the 1990s, warning that my account would be suspended unless I replied to provide my password. Similar scams persist for online banking, eBay and PayPal. Cyber criminals show no signs of abandoning phishing because it continues to work.
In 2010, Google announced that it had been compromised by spear phishing during "Operation Aurora." Likewise, RSA fell victim to spear phishing in 2011. More recently, the Target breach in 2013 can be traced back to a spear phishing email. It seems that the easiest way to infect a major enterprise is to ask an employee to click on an infected file.
Spear phishing is insidious because it preys upon the weakest link of information security systems, its users. Social engineering entices users to click on malicious documents and URLs by suggesting they may be related to work, such as budgets, invoices or shipping notification. Truly advanced attacks may leverage social networking, such as LinkedIn, to customize spear phishing emails.
Ultimately, the goal of these spear phishing attacks is to execute undetectable malware, which evades traditional security solutions, such as antivirus. Once the initial endpoint is compromised, the attack can proliferate across the network before exfiltrating data to command and control servers.
This Thursday, December 18, Bromium will be hosting a Webinar, "The Tip of the Spear: Defeating Spear-Phishing." Join Bromium Sr. Director of Products Bill Gardner to learn:
- Why cybercriminals are ramping up their spear-phishing attacks
- The most common methods used in these attacks to 'get the click'
- A revolutionary new approach that can actually counter these attacks and secure both your endpoint and your network
Register today: http://learn.bromium.com/webr-tip-of-the-spear.html
Shared via my feedly reader
Sent from my iPhone